
Secunia PSI

If you cannot do someone any good: don't do them any harm....
As long as you did this to one of these, the least of my little ones............you did it unto Me.
What profiteth a man if he gains the entire World at the expense of his immortal soul?

I actually find this to be very helpful software. For those of you who don't know what this is, it scans all installed software (or most of all) and makes sure each one is the most up to date version to keep your computer as up to date with patches as possible. It saves a lot of hassle (well, I mean, I wouldn't take the time to make sure everything was updated before I had this software), keeps your computer more secure, and even gives you a link that will download the update for you for the software that hasn't been updated yet.

Hmm, can't seem to get the thing to work, it keeps crashing while doing the initial scan, it gets to 4% and just freezes up and starts getting non-responsive.

Are you possibly attaching a debugger or do you have a proxy that doesn't support CONNECT?

I spent some time playing with this because I love the concept. I think it's a great tool for a home user... I dislike the implementation though.

I understand that it's a free tool and that building lists of vulnerable software takes resources and effort (I've done it myself). However, the approach of scanning my computer for files, uploading the versions to their server to match against the scan engine and then pulling the results back down. I dislike that... I dislike it a lot.

I want to know exactly what they're looking at, what pieces of software they identify, and a number of other things. Maybe it's just me, but if I don't know what they're scanning and uploading... especially given that this is free software... what's to stop them from taking information they shouldn't?

IT Blog: .:Computer Defense:.
PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

It's complaining about not having a connection to the server ... there is no proxy support though which could be a problem.

It does indeed have proxy support. It uses whatever your proxy is configured as in IE. As I mentioned above it has to support CONNECT, this is because SSL is used, so you can't just pass it a GET. Which means you can't use a proxy to even log the transactions (you'll simply see CONNECT -- host in your proxy logs).

Some things I noted. On startup it resolves psi.secunia.com (which has two IPs). If you filter the IPs at your firewall, it won't start. If you point psi.secunia.com to another IP where you have a server running with SSL, it won't start (due to a certificate mismatch). If you set up a proxy, it will use CONNECT, which means you still can't log transactions.

The most you can do is look in your temporary internet files folder and take note of the files that are created (which contain a UID... which I'm wondering if it's unique, which means they can track software installed on various machines over time).

As I said.. software that behaves in this way doesn't sit right with me...

IT Blog: .:Computer Defense:.
PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".
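
What a proxy log still records for the CONNECT tunnels discussed above, as an added example that is not part of the original thread: it parses constructed lines in Squid's native access.log layout and totals tunnels, bytes and duration per client and destination, and shows that no URL path is logged for CONNECT. The choice of Squid, the addresses, timestamps and byte counts are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout (not captured traffic).
# All addresses are documentation-range placeholders; sizes and times are invented.
SAMPLE_LOG = """\
1190000000.101    120 192.0.2.10 TCP_MISS/200 18342 GET http://www.example.com/downloads/setup.exe - DIRECT/198.51.100.7 application/octet-stream
1190000003.512  45210 192.0.2.10 TCP_MISS/200 96411 CONNECT psi.secunia.com:443 - DIRECT/203.0.113.20 -
1190000050.007  30122 192.0.2.10 TCP_MISS/200 51877 CONNECT psi.secunia.com:443 - DIRECT/203.0.113.21 -
1190000090.450     15 192.0.2.11 TCP_DENIED/403 1450 CONNECT psi.secunia.com:443 - NONE/- text/html
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+(?P<elapsed_ms>\d+)\s+(?P<client>\S+)\s+"
    r"(?P<result>\w+)/(?P<status>\d{3})\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<target>\S+)\s"
)

def summarize_tunnels(log_text):
    """Total the metadata a proxy sees for CONNECT: who, which host:port, how much, how long."""
    summary = defaultdict(lambda: {"tunnels": 0, "refused": 0, "bytes": 0, "elapsed_ms": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "CONNECT":
            continue
        entry = summary[(m["client"], m["target"])]
        if m["status"] != "200":          # tunnel was never established
            entry["refused"] += 1
            continue
        entry["tunnels"] += 1
        entry["bytes"] += int(m["bytes"])
        entry["elapsed_ms"] += int(m["elapsed_ms"])
    return dict(summary)

def logged_paths(log_text):
    """List (method, path) per request; a CONNECT entry carries host:port only, so path is None."""
    out = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            path = None if m["method"] == "CONNECT" else urlsplit(m["target"]).path
            out.append((m["method"], path))
    return out

if __name__ == "__main__":
    for (client, target), stats in summarize_tunnels(SAMPLE_LOG).items():
        print(client, target, stats)
    print(logged_paths(SAMPLE_LOG))
```
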
